Security issue in Image Uploader

by Andrew 11/26/2007 9:55:00 PM

Recently we got a report that Image Uploader suffers from a buffer overrun vulnerability. A BID was submitted by Elazar Broad to http://www.securityfocus.com, and he emailed us to inform us about it. I am taking this opportunity to thank Elazar for all his help with it. Here is the BID:

http://www.securityfocus.com/bid/26537

It happened on a weekend, so we had to go to the office on Sunday. Fortunately the problem was not difficult to locate and fix, so we have released version 4.5.70, which does not have this problem, and we are now informing all our customers to update Image Uploader on their websites.

You may wonder why this issue is so important. A buffer overrun vulnerability means that an attacker can execute arbitrary code (including malware, of course) on every computer where a vulnerable Image Uploader is installed, that is, on the machines of the visitors who have used the control in their browser. Many millions of people who visit our customers' websites are at risk. If you want to know what a buffer overrun is, here is a Wikipedia article:

http://en.wikipedia.org/wiki/Buffer_overrun 

So we urge everybody who uses Image Uploader to upload files to their websites to install the latest version. It can be downloaded from the Image Uploader download page.

Now here is a small FAQ.

Q: What versions of Image Uploader are vulnerable? 

A: All Image Uploader builds of the 4.x family, except 4.5.70 (and later), of course.

Q: What about previous versions?

A: This issue appeared when we added the ability to navigate to an arbitrary folder through JavaScript. This feature was introduced in version 4.0, so if you are using version 3.5 or earlier, this issue does not affect you.

However, if you received a 3.x version after we officially discontinued it, please contact us; we need to check it out.

Q: Where to download the fixed version?

A: First of all, you can download the latest version from the Image Uploader download page:

http://www.aurigma.com/Products/ImageUploader/FreeTrial.aspx

If you do not want to download the entire SDK, you can download just the CAB file:

http://www.aurigma.com/Download/ImageUploader4570_CabOnly.zip

Q: How to install the update?

A: The update installation process is the same as described in the documentation. In short:

  1. Download the latest .cab file (it should be version 4.5.70 or later).
  2. Replace the old .cab file on your server with it.
  3. Update the version number in the Image Uploader initialization block, so that it looks like this: iu.activeXControlVersion = "4,5,70,0"; Do not skip this step: Internet Explorer downloads a newer CAB only when the page asks for a version higher than the one already installed, so a visitor who already has an older build will keep running it until the pinned version is raised.

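
As an added check (example code written for this post, not Aurigma's own): once the .cab has been replaced, the only thing that makes a visitor's browser fetch the new build is the version string pinned in each page's initialization block, so what an operator wants to know is every page on the site that still pins a 4.x build below 4.5.70. The Node.js script below scans page source for the activeXControlVersion assignment shown in step 3 and classifies each pinned build by the rules in this FAQ (4.x below 4.5.70 vulnerable, 4.5.70 or later fixed, 3.x not affected). The regular expression, the sample pages and their build numbers are constructed for the example; a real deployment's initialization code may be laid out differently from the one-line form shown above.

```javascript
// Added example, not Aurigma's code: audit page source for Image Uploader
// initialization blocks and classify the pinned ActiveX build against this
// post's rules. Assumes the block pins the build exactly as the post shows:
//   <obj>.activeXControlVersion = "4,5,70,0";

// First build that carries the fix, per the post (4.5.70.0).
const FIXED_BUILD = [4, 5, 70, 0];

// Parse "4,5,70,0" (the comma form used in the initialization block) or the
// dotted "4.5.70.0" into four integers; missing trailing fields become 0.
// Returns null when the string is not a version at all.
function parseVersion(str) {
  const parts = String(str).trim().split(/[,.]/).map(p => p.trim());
  if (parts.length < 2 || parts.length > 4 || !parts.every(p => /^\d+$/.test(p))) {
    return null;
  }
  const nums = parts.map(Number);
  while (nums.length < 4) nums.push(0);
  return nums;
}

// Field-by-field compare of two 4-field versions: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 4; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Rules from the FAQ: every 4.x build below 4.5.70 is vulnerable, 4.5.70 or
// later is fixed, 3.5 and earlier predate the folder-navigation feature and
// are not affected. Anything newer than 4.x is outside what the post covers.
function classifyVersion(str) {
  const v = parseVersion(str);
  if (v === null) return 'unparseable';
  if (v[0] <= 3) return 'not-affected';
  if (v[0] === 4) return compareVersions(v, FIXED_BUILD) < 0 ? 'vulnerable' : 'fixed';
  return 'outside-advisory';
}

// Find every activeXControlVersion assignment in a blob of HTML/JS. The
// pattern (any whitespace around "=", single or double quotes) is an
// assumption about how deployments write the line the post shows.
function scanSource(text) {
  const re = /activeXControlVersion\s*=\s*(['"])([^'"]*)\1/g;
  const findings = [];
  let m;
  while ((m = re.exec(text)) !== null) {
    findings.push({ version: m[2], status: classifyVersion(m[2]) });
  }
  return findings;
}

// Map of page name -> findings. Pages with no initialization block are
// reported too, so a page that loads the control some other way is visible.
function auditPages(pages) {
  const report = {};
  for (const [name, text] of Object.entries(pages)) {
    const findings = scanSource(text);
    report[name] = findings.length ? findings : [{ version: null, status: 'no-init-block' }];
  }
  return report;
}

// Names of the pages that still pin a vulnerable build.
function vulnerablePages(pages) {
  return Object.entries(auditPages(pages))
    .filter(([, findings]) => findings.some(f => f.status === 'vulnerable'))
    .map(([name]) => name);
}

// Constructed sample pages (names, markup and build numbers are made up for
// the example); in practice read them from the web root with fs.readFileSync.
const SAMPLE_PAGES = {
  'upload.aspx':  '<script type="text/javascript">\n' +
                  '  iu.activeXControlVersion = "4,5,70,0";\n' +
                  '</script>',
  'gallery.html': "<script>iu.activeXControlVersion = '4,0,16,0';</script>",
  'legacy.htm':   '<script>iu.activeXControlVersion = "3,5,12,0";</script>',
  'about.html':   '<p>No uploader on this page.</p>',
};

console.log(JSON.stringify(auditPages(SAMPLE_PAGES), null, 2));
console.log('still vulnerable:', vulnerablePages(SAMPLE_PAGES));
```

Run it with node over a checkout of your web root (read each file and pass the contents in the pages object); anything reported as vulnerable still needs steps 1 to 3 above. A 3.x build obtained after 3.x was discontinued is the case the FAQ asks you to raise with Aurigma; the script classifies it as not affected and cannot tell it apart, so treat that result as a prompt to check, not as a clean bill.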
Q: Is the update free?

A: This is a minor update. According to our upgrade policy, minor updates are free.

Q: I still have questions. Where can I get more information?

A: Please email us at info@aurigma.com.

Comments

11/27/2007 5:45:37 AM

codesmith

I don't quite understand the security issue. The JavaScript example on securityfocus.com shows a big loop instantiating the ActiveX control over and over. But isn't this just going to cause a buffer overrun on the computer that's running the script? How will that affect other users? Or could this only be brought about if a site with the ActiveX control gets hacked and the user is tricked into executing the JavaScript? And then what's the worst that could happen? The browser crashes?


11/29/2007 10:11:21 PM

Andrew

Let's see how potential malicious persons can utilize this security flaw. A hacker writes JavaScript which uses this buffer overflow bug to run malicious code, e.g. a virus, a trojan or whatever. It is not as difficult as it may seem. Read the Wikipedia article about buffer overruns for a better understanding of how it works (it requires some assembler knowledge though). Then the hacker uses phishing to get some person to open the page containing the malicious JavaScript. Alternatively they can use a cross-site scripting technique to inject this JavaScript into other sites.

So you see, this is quite serious. Each user who has a vulnerable version of Image Uploader may run some malware from the web without any knowledge of it.

P.S. If you do not know about phishing or cross-site scripting, I recommend taking a look at these Wikipedia articles:

http://en.wikipedia.org/wiki/Phishing
http://en.wikipedia.org/wiki/Cross-site_scripting

